Operational Risk Europe Summit Agenda

Session details 

• Bringing impact tolerances alongside risk management
• Condensing for senior management and the board to understand
• Addressing and prioritizing risks and remediating
• Removing fragmentation and siloed nature of managing risk
• Managing jurisdictional disparities
• PRA regulatory requirements for operational resilience
• Complying with the European Digital Operational Resilience Act (DORA)
• Remediating resilience vulnerabilities identified

Session details 

• Reviewing credit worthiness of third-party suppliers
• Managing cloud risk as a third-party risk
• Management of financial market infrastructure providers
• Updated EBA guidelines on third party and outsourcing management
• Understanding the importance of exit planning and the difficulty to replace suppliers
• The linkage of third-party vendor management to cybercrime and data privacy
• Ensuring correct controls in place to manage third parties
• Understanding your vulnerabilities to third and fourth parties
• Identifying concentration risks in your third parties 

Session details 

• • Developing point in time assurance processes
  • Reaction time after a notification and assessment of risk
  • Inclusion operational resilience requirements
    • Identifying important business services and tolerances
  • Managing supply chain concentration
  • Exiting markets as a result of geopolitical tension
    • Identifying supply chain exposure
  • Reviewing Covid as the catalyst for global supply chain issues
  • Reviewing how cyber-attacks can and have disrupted supply chains

Session details 

• • • • Interconnected nature of political risks: Interaction with supplier and cyber risks
      • Exit planning across certain jurisdictions
      • Managing continued economic shocks
        • Brexit, Covid-19, Russia/Ukraine conflict, energy crisis etc…
      • Developing meaningful scenario analysis capabilities
      • Managing political instability globally
        • Externally and within UK politics
      • Impact of energy crisis on consumer behavior
      • Viewing geopolitical risk as a driver of operational risk
      • Ensuring sufficient controls are in place to combat geopolitical risks

Session details 

• • Communicating risk to the board
  • Enhancing agility to update technology infrastructure
  • Consequences of errors in a cloud environment
  • Understanding the size and capability shift with migrating to cloud
  • Ensuring the security controls and frameworks extends to cloud providers
  • Introduction of European Union Cybersecurity Certification Scheme on Cloud Services (EUCS)
  • Increased regulatory requirements when working with cloud providers
  • Ensuring necessary workforce to manage the change to cloud

Session details 

• Interpretation and analysis of data
  • Leveraging to inform business decisions
• Maintaining data integrity: Ensuring sources are accurate, reliable, sustainable and repeatable
• Assessing the use of increased personal data organizations have access to
• Using different systems to store data
• Ensuring the correct tools and capabilities to manage data
• Data risk from technology transformation
• Increased regulatory scrutiny and fine potential.
• Maintaining security and control over data

Session details 

• • • Movement towards enterprise adoption of DLT
    • Automating decision making
    • Recruiting and retaining risk technology talent
    • Managing the constant changing pace of technology
    • Assessing the correct approach to adopting new technologies
    • Increased use of automation and the threats it is susceptible to
    • Strategizing against cyber risk during digital transformation
    • Importance of technological changes to enhance service provided
    • Importance of building out control level when enhancing technology

Session details 

• • • Overseeing and controlling decisions
    • Identification techniques to remove bias
    • Managing information risk and use of data
    • Understanding how AI and Machine Learning works
    • Automating decision making processes
    • Reviewing processes when technology makes unexpected decisions
    • Leveraging for pattern analysis to prevent fraud
    • Operational risks of using AI and Machine Learning

Session details 

• • • Assessing what institutions need to do in order to meet consumer duty
    • Effectively executing and fully implementing plans
    • Demonstrating full compliance with rules that are effective July 2023
    • Challenges of adhering to the consumer duty obligation in a downturn environment
    • Implementing enhanced protections for the customer
    • Assessing how consumer behavior could impact the industry.
    • Variations across insurance and banking

Session details 

• • • Increased complexity of interplay of risks
    • Identifying connections across risks and events
    • Understanding true exposure and connection
    • Enhancing decision making and efficiency
    • Comparing the drivers and consequences of different risks
    • Re-aligning culture to better asses risk holistically.

Session details 

• • • Executing change across businesses
    • Managing operational risks alongside change
    • Business change in a volatile economic environment
    • Enhancement of technology in day to day business
    • Reviewing how geopolitical impacts can change business
    • Leveraging data to become predictive of future business change

Session details 

• • • • Effectiveness of internal control frameworks
      • Ensuring control framework is fit for purpose
      • Impact of hybrid working on control frameworks
      • Importance of an enhanced controls framework in a digitized environment
      • Incorporating governance into your framework
      • Identifying potential weaknesses or gaps in frameworks
      • Managing recovery, restructure and wind down plan (RRWP)
      • Evaluating the aftermath of Covid-19 and impact on controls

Session details 

• • • Reviewing the importance of conducting culture and behavior assessments
    • Reinforcement of a healthy organizational culture for employees to work in
    • Incorporating diversity across the culture of an institution
    • Defining behavior and culture of your employees
    • Raising the profile of risk culture
    • Building a risk culture dashboard
    • Implementing behavior assessments.

Session details 

• • • • Ensuring teams are healthy, focused and engaged
      • Managing people alongside the pace of change
      • Impact of external events on people risk
      • Aligning pay with the cost of living
      • Oversight and supervision capabilities
      • Identifying, attracting and retaining the right skills
      • Assessing how hybrid working can make it difficult to integrate new employees

Session details 

• • • • Talent to manage current economic conditions
      • Managing customers facing financial difficulty
      • Volatility as key driver of increased risk
        • Fraud, misconduct, rogue trading etc…
      • Understanding and predicting potential impacts to customers
      • Impact of interest rates, inflation and energy limitations on operational functions
      • Correlation between economic downturns and emergence of operational risk incidents
      • Ensuring products are able to operate in a volatile economic environment.

Session details 

• Increased risk of supply chain attacks
• SolarWinds case study
• Increased vulnerability with heighted reliance on third parties
• Exploitation of Russia/Ukraine conflict
• Educating users on ransomware risks
• Managing underlying reputation risks
• Alignment with resilience and impact tolerances
• Management after a cyber event
  • Lessons learned and recovery
• Educating employees and customers on cyberattacks.
• Ensuring there is sufficient cyber security controls and capabilities

Session details 

• Managing range of climate change scenarios
  • Transmission of climate change scenarios into operational risk scenarios
• Availability of data
• Impact of climate change on reputation of banks
• Importance of climate risk assessments to avoid operational risks
• Reviewing physical and transition risks
• Ensuring climate risk is prioritized alongside other operational risks
• Importance of keeping up with the pace of change in climate risk
• Increased regulatory focus on climate risk from the ECB

Session details 

• Assessing how geopolitical actions are impacting the level of financial crime
• Ensuring the right controls are in place to keep up with ever increasing challenge of sanctions
• Mitigation measurements put in place against the heightened fraud landscape
• Anticipating how new sanctions can impact your business model
• Addressing the potential increase of insider threat / internal fraud
• Reviewing the unexplored operational and cyber risks of digital assets
• Managing increasing global sanctions environment
• Impact of sanctions on operational model
• Understanding impact of changes on business model.

Session details 

• Best practice for auditing Non-Financial Risk Frameworks from both 1LOD and 2LOD
• Effectively using data and analytics to support a testing approach
• Focus on testing to apply a horizontal and vertical lens to identify common read-across themes
• Increasing importance on independent review and challenge provided by Risk SMEs in 2LOD
• Assessing adequacy and effectiveness of the what and how elements in the design of Non-Financial Risk Framework’s